BİLGİ DÜNYASI, 2012, 13 (1)

Information Security Issues in a Digital Library Environment: A Literature Review

Audrey ANDAY*, Enrico FRANCESE*, Hugo C. HUURDEMAN*, Muharrem YILMAZ*, Dydimus ZENGENENE*

Abstract

This paper aimed to explore the literature on security issues that digital libraries should consider in managing digital resources. Books on information security and network security were consulted, and several databases (ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight and ACM) were searched to understand what particular aspects of information security and privacy in digital libraries exist from
Security in digital libraries is an issue of the utmost importance and should be considered carefully when creating the policies and strategic plans of institutions wanting to set up a digital library. This paper focuses on the four main streams that concern security in the digital environment, namely infrastructure, digital content, users, and standards and legal issues. This literature review also builds upon previous literature reviews and is one of the few of its kind on the topic.

Keywords: Information security, Digital libraries, Data protection

Abstract (translated from the Turkish)

This study aims to present the literature on the security issues that digital libraries should take into account in managing their resources. Books and articles on information security, network security and personal privacy covering the year range were searched in various databases such as ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight and ACM. According to the results obtained from the reviewed literature, information security is an extremely important issue for digital libraries, and a library in the process of digitization must consider its security policies and strategic plans carefully. This study concentrates on four main headings that concern security in the digital environment: infrastructure, digital content, users, and standards and legal issues. This study also covers previous literature reviews.

Keywords: Information security, Digital libraries, Data protection

* Master's students, International Master in Digital Library Learning (aganday@gmail.com), (efrancese@gmail.com), (hugohuurdeman@gmail.com), (yilmaz.muharrem@gmail.com), (dydimus.zengenene@gmail.com)

Introduction

Society has been increasingly dependent on information technology (IT) for several years now. In this Information Age, millions of users (or participants) access and exchange billions of objects of information content in complex workflow processes (e.g., commerce, learning, health care). The research community uses computer systems to perform research and to disseminate findings. Information sharing has been made easier and less expensive by Internet technologies and global networking infrastructures, but the availability of such information systems comes at the expense of higher risks. In the long run information is not preserved, websites tend to disappear, digital media become obsolete easily, and the privacy of information can be abused. Moreover, the integrity of the systems could be compromised. Access control is often described as the rules regulating how participants are allowed to access objects; it can also be viewed as information flow control, because every access results in a flow of information between entities (the participant, the object, or both) (Chen, Choo and Chow, 2006).

The integrity and availability of all these systems have to be protected against a number of threats. Hackers, rival corporations, terrorists and even foreign governments have the motive and capability to carry out sophisticated attacks against computer systems (Patel, Qassim and Wills, 2010). Thus, security mechanisms appropriate for Internet-based, real-world applications should be a prerequisite. Unless an attack is successful or a system is compromised, security in general, and intrusion detection (ID) in particular, is rarely noticed by management. Only when security fails, and the notification comes too late, do managers consider security as visible as their other organizational needs. Such a crisis finally brings home the importance of security in any given system (Goodall, Lutters and Komlodi, 2009). Dourish et al. (2004, p.391) mention in their paper that "effective security solutions depend [...] also on people's ability to understand them and use them as part of their work". Moreover, Birnbaum (2004), in his talk, shared that in today's information-rich world digital libraries will play an essential role and will assume central positions of even more significance in pervasive systems. They will not only serve as repositories of knowledge and information, and as the primary mechanism for its retrieval and distribution, but will also be the focal point for the integration of information and scholarship across all boundaries of application, language and media. Since they will also inevitably become the target of malicious attack by people seeking unauthorized information, and by terrorists seeking to disrupt the global information infrastructure and the physical infrastructures built upon it, it is both timely and essential to study the cyber security characteristics future digital libraries will have to support.

Furthermore, Tyrväinen (2005), as cited in Fox and ElSherbiny (2011), considered security an important issue in digital library design. "Security weaknesses in digital libraries, coupled with attacks or other types of failures, can lead to confidential information being inappropriately accessed, or loss of integrity of the data stored. These in turn can have a damaging effect on the trust of publishers or other content providers, can cause embarrassment or even economic loss to digital library owners, and can even lead to pain and suffering or other serious problems if urgently needed information is unavailable" (Fox and ElSherbiny, 2011, p.8). This paper reviews the literature about security issues in the digital environment, specifically what digital libraries should be aware of in the first place.

Methodology

The search strategy employed for this literature review involved searching printed and online materials. Books on information security and network security were consulted, and several databases (ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight and ACM) were searched to understand what particular aspects of information security and privacy in digital libraries exist from
Keywords used to search catalogues and databases included: "digital libraries AND security", "security in digital libraries", "information security in digital libraries", "threats information security", "wireless security", "database security", "system security ontology library", "security AND libraries", "security in libraries", "privacy in libraries", "information security", "digital content security", "information security AND legal aspects", "information security standards", "information security AND digital library" and "data protection law".

A very broad spectrum of articles dealing with the whole concept of security came out, so we decided to limit the articles to those pertaining to the four main streams that concern security in the digital environment:

1) Infrastructure - This section focuses on the importance of security applied to any system infrastructure, covering securing hardware and software, ensuring network security, and looking into web vulnerabilities that can disrupt the smooth flow of communication and transfer of information in a wired or wireless environment.
2) Digital content - This section discusses how important it is to ensure that digital content is secured in a digital environment, and describes some of the steps that can be undertaken in order to recover important data and attain the real purpose of preservation.
3) User information security - This section illustrates some issues pertaining to the security of systems and to maintaining the confidentiality of users within a digital library environment, i.e. their private information is kept in a trustworthy manner and is not used without their knowledge.
4) Standards and legal issues - This section provides an overview of the development of the different existing standards for ensuring the security of any system, which can serve as a basis for formulating policies and as a guide for setting up a system in the digital environment.

1 - Infrastructure

According to Lampson (2004), people have been working on computer system security for over thirty years and have registered notable intellectual successes. However, the security risk of the millions of deployed computer systems is so high that a determined and competent attacker could destroy most of the information on almost any of these systems, steal it from any system that is connected to a network, or even attack millions of systems at once. Library computers are not safe: they are physically vulnerable to theft, damage and destruction, but most of all they are vulnerable to attacks by a host of malware agents, which include Trojans, viruses, worms, adware, spyware, pornware, keystroke loggers, password stealers and others (Zimerman, 2009). Hackers, viruses, worms and Trojan horses are external intrusions which libraries should be able to handle (Al-Suqri and Afzal, 2007). Computers are not safe just because they have the most popular antivirus software; on the contrary, it is more dangerous to believe that one is safe simply because antivirus software is installed. There are criminals who specialize in targeted attacks, making it more difficult to handle the risk with traditional antivirus systems (Zimerman, 2009). Given the value of the information they hold, digital libraries have to be worried about this problem. Danger is a multifaceted threat which faces every computing environment; protection systems have to be applied, but some are too expensive for a library, and they only help to minimize risk and are never perfect (Zimerman, 2009).
In a library environment it is even harder, since it is difficult to control the behavior of many users. Lampson (2004) sums it up with the phrase "security is pain", arguing that the threat to IT security does not seem very high until one is attacked, while the implementation of security is expensive and takes hours away from production even though it does not directly contribute to production. The pain is even greater in libraries, where the output is a service which is usually offered free of charge.

1.1 Securing the Hardware

Hardware security is the security of equipment such as computers, printers and monitors, which libraries find indispensable in their day-to-day functions, especially in this digital era. Such hardware needs to be kept in secure rooms under physical lock and key, and an inventory system should be implemented for easy tracking. Such control deters theft of property and unauthorized access to servers, thereby preventing tampering with server settings, corruption of data, or access to programs and confidential information (National Forum on Education Statistics, 2003). In order to maintain hardware security, it is important to implement strong physical security measures.

Network security

In a digital library, resources are accessed via the Internet, and networks play a vital role in connecting these information sources (Singh, 2003). In the digital age, the availability of secure, efficient and cost-effective networks of access will be a core competency of libraries. It is vital for libraries to secure networks so that the integrity of data can be maintained (Al-Suqri and Afzal, 2007). Network equipment includes hubs, routers, switches and cabling. For the hardware that supports the network it is necessary to implement security measures corresponding to those for all other sensitive hardware equipment (National Forum on Education Statistics, 2003). Computer networks now exist as wired and/or wireless networks, and the security measures in these environments differ. Libraries tend to use wired networks for machines which are fixed in their premises. Wireless networks are used for connecting users who bring their own mobile devices to the network. To ensure the security of physical networks, it is important not to allow users to install unauthorized network equipment, to use secure passwords for root access, and to ensure proper cabling and cable protection (National Forum on Education Statistics, 2003).

A wireless network is a network that uses high-frequency radio waves rather than wire to communicate between two nodes. The wireless network infrastructure has brought greater flexibility in terms of geographical limitations as well as of the hardware and software accommodated. Mobile phones and other gadgets besides personal computers are joining network realms which were previously the domain of personal computers connected through wires (Khalil, 2004). Wireless networks will be the standard mode of information access for both on-campus and classroom connectivity. This technology is already helping students to interact with digital library systems on the net (Khalil, 2004). Wireless networks have, however, also brought with them a great degree of risk as far as network security is concerned. Unlike in a wired network, security in a wireless network is more of a concern because network transmissions are available to anyone within range of the transmitter with an appropriate antenna; physical access controls like doors and locks do not help. Sniffing (intercepting) is much easier, because radio transmissions are designed to be processed by any receiver within range, and because their boundaries are fuzzy and extend beyond the intended ones (Gast, 2002). For that reason, "the wireless network is a double edged sword which possesses both high potential and high risks" (Porter, 2002, p.16). Wired networks are also insecure, since it is possible for an attacker to tap the electromagnetic energy radiated by wired networks; however, this requires sophisticated equipment and relative proximity to the cables, unlike the wireless signal, which easily overlaps beyond its intended boundaries (Porter, 2002, p.21). Due to the increase in the use of mobile devices, digital libraries are increasingly being accessed via wireless networks. That implies the need to consider investment in wireless network security if the integrity of information resources is to be maintained.

1.2 Operating system security

The operating system is the underlying system on which application programmes run. Therefore the choice of an operating system plays a critical role in ensuring system security. Operating systems control access to centralized resources, including applications; access privileges can be granted or restricted, thereby regulating the use of network resources. Some operating systems are easier to run yet less secure than those that might be more difficult to run. In any case the system must be hardened or secured by removing unnecessary functions, restricting access, and tracking changes and processes. There are several open source operating systems available for free, and proprietary operating systems for which libraries have to pay; however, the cost of purchasing a system is no guarantee of security. It is also possible to run a mixed computing environment where systems run on different operating systems, but administering such environments needs experience and a high degree of expertise, even though they offer better security (National Forum on Education Statistics, 2003). Libraries are therefore advised to consider establishing mixed computing environments even if the costs of maintenance are high.

Database security

Databases are very critical parts of the library information system, as the key hosts of metadata and other administrative information. Databases employ security systems like those of operating systems, but users are assigned to groups called roles. For example, the head librarian and the library clerk have different roles in the system, and that controls what each user can view or edit in the database. Database security can be maintained discretely or integrated with the operating system, in which case users require only one logon to the system. Database security mechanisms are effective if they are used in conjunction with proper security mechanisms implemented at the front-end application, such as dynamic web pages (National Forum on Education Statistics, 2003). Databases have the capability to offer access to resources as defined by roles and profiles, and these should be based on the respective functions. A database should also have tracking features that record when the database was accessed, by whom, and what changes took place. For instance, it must be possible to trace who added an article to the collection and when. Data transmission should be secured using protocols such as Secure Sockets Layer (SSL) or Secure Shell (SSH). SSL is a confidentiality mechanism based on public key cryptography, historically associated with web pages accessed via the secure hypertext transfer protocol (https), even though it can be used to encapsulate any protocol. Porter (2002) judges that SSL is best for protecting transaction-based protocols such as web traffic and mail transactions. SSH is a secure replacement for commands such as rlogin, rcmd and rsh. SSH also uses public key cryptography like SSL, but does not rely on a trusted authority to issue the public/private key pairs (Porter, 2002).
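As an added illustration of the three points just made (roles that decide what a user may view or edit, tracking of who changed which record and when, and a front-end application that must be secured together with the database), here is a small self-contained Python example built on SQLite. It is example code written for this review, not code from any of the cited works or from a library system; the catalogue schema, the two role names, their rights and the sample users are constructed assumptions. The search function also shows the front-end side of the SQL injection problem discussed under web application vulnerabilities below: user input is bound as a parameter rather than pasted into the SQL text, so it cannot change the statement.

```python
import sqlite3

# Constructed permission model. The two role names and their rights are
# assumptions for this example, not taken from any real library system.
ROLE_PERMISSIONS = {
    "head_librarian": {"read", "add", "edit", "delete"},
    "clerk": {"read", "add"},
}

SCHEMA = """
CREATE TABLE catalogue (
    id     INTEGER PRIMARY KEY,
    title  TEXT NOT NULL,
    author TEXT NOT NULL
);
-- Tracking table: who did what to which record, and when.
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY,
    actor     TEXT NOT NULL,
    action    TEXT NOT NULL,
    record_id INTEGER,
    at        TEXT NOT NULL DEFAULT (datetime('now'))
);
-- Holds the acting user so the triggers below can attribute each change.
CREATE TABLE session (actor TEXT NOT NULL);
-- Triggers make tracking a property of the database itself: every
-- insert, update or delete is logged whichever front end performed it.
CREATE TRIGGER log_insert AFTER INSERT ON catalogue BEGIN
    INSERT INTO audit_log(actor, action, record_id)
        VALUES ((SELECT actor FROM session), 'add', NEW.id);
END;
CREATE TRIGGER log_update AFTER UPDATE ON catalogue BEGIN
    INSERT INTO audit_log(actor, action, record_id)
        VALUES ((SELECT actor FROM session), 'edit', NEW.id);
END;
CREATE TRIGGER log_delete AFTER DELETE ON catalogue BEGIN
    INSERT INTO audit_log(actor, action, record_id)
        VALUES ((SELECT actor FROM session), 'delete', OLD.id);
END;
"""


class PermissionDenied(Exception):
    pass


class LibraryDB:
    """Front-end layer: checks the caller's role, records the actor for the
    audit triggers, and sends only parameterized SQL to the database."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)

    def _authorize(self, user, role, action):
        if action not in ROLE_PERMISSIONS.get(role, set()):
            raise PermissionDenied(f"{user} ({role}) may not {action}")
        self.conn.execute("DELETE FROM session")
        self.conn.execute("INSERT INTO session(actor) VALUES (?)", (user,))

    def add_article(self, user, role, title, author):
        self._authorize(user, role, "add")
        cur = self.conn.execute(
            "INSERT INTO catalogue(title, author) VALUES (?, ?)", (title, author))
        self.conn.commit()
        return cur.lastrowid

    def delete_article(self, user, role, record_id):
        self._authorize(user, role, "delete")
        self.conn.execute("DELETE FROM catalogue WHERE id = ?", (record_id,))
        self.conn.commit()

    def search_titles(self, user, role, needle):
        """The search string is bound as a parameter, so quotes or SQL
        keywords inside it are matched literally and cannot alter the
        statement; this is the front-end counterpart of database security."""
        self._authorize(user, role, "read")
        rows = self.conn.execute(
            "SELECT title FROM catalogue WHERE title LIKE ?", (f"%{needle}%",))
        return [r[0] for r in rows]

    def who_added(self, record_id):
        """The tracking question from the text: who added this record, when?"""
        return self.conn.execute(
            "SELECT actor, at FROM audit_log WHERE action = 'add' AND record_id = ?",
            (record_id,)).fetchone()

    def actions_by(self, user):
        rows = self.conn.execute(
            "SELECT action, record_id FROM audit_log WHERE actor = ? ORDER BY id",
            (user,))
        return list(rows)


def demo():
    db = LibraryDB()
    rid = db.add_article("alice", "head_librarian", "Digital Dark Ages", "Kuny")
    db.add_article("bob", "clerk", "Time Bomb for Digital Libraries", "Hedstrom")
    try:
        db.delete_article("bob", "clerk", rid)      # clerk role lacks 'delete'
        denied = False
    except PermissionDenied:
        denied = True
    return {
        "clerk_delete_denied": denied,
        "added_by": db.who_added(rid)[0],
        "plain_search": db.search_titles("bob", "clerk", "Dark"),
        # Metacharacters in the input stay plain data: no title contains them.
        "metachar_search": db.search_titles("bob", "clerk", "Dark' OR 'x'='x"),
        "alice_actions": db.actions_by("alice"),
    }


if __name__ == "__main__":
    print(demo())
```

SQLite is used only so the example runs offline; in a server database the roles would normally be database-level roles granted by the administrator, and the application layer shown here would complement rather than replace them. The trigger-based log answers the "who added this article and when" question without trusting each front end to remember to write a log entry.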

Web application level vulnerabilities

Despite laws in European countries that mandate secure sites, many library websites have serious security flaws which render them vulnerable to attacks (Kuzma, 2010). In a study conducted in European countries, almost 80 percent of web-related flaws were caused by web application vulnerabilities, with the three most common types being cross-site scripting, denial of service and SQL injection. The major causes of these problems are identified as failure to update software versions (developers install the default software and forget the need to update), lack of consideration of security flaws, failure to upgrade software correctly, and lack of effective coding practice during design and development (Kuzma, 2010).

Cross-site Scripting

Cross-site scripting is a security vulnerability that allows the injection of programming code by malicious third parties into web pages hosted on a server. It creates risk by allowing phishers or fraudsters to launch an attack without directly targeting or gaining access to a legitimate website, so that unknowing and unsuspecting web visitors may see forms, input and send data, or be exposed to malicious downloads or other content while viewing your website (Cyveillance, 2008).

Denial of Service

Denial of Service (DoS) is a type of attack that prevents access to network resources; it can be devastating and difficult to protect against. DoS involves flooding the network with traffic, choking the transmission lines and preventing legitimate users from accessing services on the network. Denial of access can take the form of various attacks at different layers of the OSI model, all leading to network flooding (Porter, 2002).

SQL Injection

SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL statements. It is a common threat in web applications that lack proper sanitization of user-supplied input used in SQL queries (Guimarães, 2009). Due to the increased need to offer computer-aided, web-based services, libraries must be aware of all these possible infrastructural threats and protect their data and the entire system.

2 - Data Security

The core of any information system is the data contained in it, and libraries are no exception. By data we mean both the documents and the meta-information applied to them: OCLC (2006) reminds us that For disaster prevention and recovery, all data

(content and metadata) is considered of equal value. A secured system with corrupted data is useless; in the same way, data stored within a frail infrastructure is weak and exposed to danger. System security and data protection go hand in hand, as part of the same side in what Fox (2006) calls the "two-front war". On one side we must protect our patrons, their privacy and confidentiality, as well as their electronic devices. On the other there is the need to protect the digital content itself and the electronic infrastructure from abuse.

2.1 Background Fears

The risks of digital preservation which libraries and archival institutions have to consider were foreseen by the end of the 1990s. Authors called attention to these issues in dramatic tones, speaking of "digital dark ages" (Kuny, 1997) and of a "time-bomb for digital libraries" (Hedstrom, 1998). The first author to point to risks for digital preservation was Rothenberg (1995, p.2), who indicated format obsolescence as the main threat to the digital cultural heritage: "although its reproducibility make digital information theoretically invulnerable to the ravages of time, the physical media on which it is stored are far from eternal. [...] The contents of most digital media [...] become unusably obsolete much sooner, as they are superseded by new media or incompatible formats." Starting from this article, Kuny raised several points which in part repeat the concerns pointed out by Rothenberg (1995):

- Enormous amounts of digital information are already lost forever.
- Information technologies become obsolete very quickly.
- Document and media formats continue to proliferate.
- Technology standards will not solve fundamental issues in the preservation of digital information.
- Libraries will shortly see a demographic bulge of electronic material as the baby boom generation of authors and academics contribute material gathered during their careers.
- Much material will never make it into library collections for preservation because of increasingly restrictive intellectual property and licensing regimes.
- Archiving and preservation functions in a digital environment will increasingly become privatized as information continues to be commodified.

Kuny shared two main concerns with Rothenberg (1995): the actual risk of obsolescence and distrust of standards. The lack of faith in standards is due to the fact that commercial software vendors are not willing to play along. "The challenge in preserving electronic information is not primarily a technological one, it is a sociological one" (Kuny, 1997, p.4).

Hedstrom (1998) looked at the standards issue from a different perspective. For her, the problem is that "Digital preservation is constrained by the absence of established standards, protocols". In 1998 she simply saw the situation as not mature enough. We will see in section 4 of this paper that since the time Hedstrom and Kuny were writing, many new developments have happened in the field of standards. In this section we focus on the problems of data safety and preservation.

2.2 Obsolescence

A definition of obsolescence is given by Pearson (2008). Recalling that "A file format is a particular way to encode information for storage and use", he defines obsolescence as "the development of new format encodings that take the place of already existing formats in the marketplace of use; and the changes in the availability of presentation tools, generally (although not exclusively) in the direction of decreasing availability, for any particular file format" (Pearson, 2008, p.91). According to Rosenthal (2010a), obsolescence has proved to be a minor risk: "format obsolescence is a rare problem that happens infrequently to a minority of unpopular formats". Nevertheless, he proposes two solutions: a standard one and an alternative one. The standard solution consists of migration: it is based upon public registries of format specifications and the creation of software which converts files in obsolete formats into usable files. "A format registry is a repository for format representation information or, in other words, descriptive, administrative, and technical metadata about digital formats, including the definition of the syntactic and semantic characteristics of the registered formats. This metadata defines the significant properties of digital formats with regard to the long-term preservation of digital objects" (Abrams, 2005, p.131). The alternative model is based upon emulation: the obsolete file is rendered in a replica of its original environment. Open-source technology is very important for creating working emulators (Rosenthal, 2010b). Abrams (2005, p.129) notes that emulation differs from migration in that the file is not manipulated, and its integrity is kept in its original condition.

2.3 Data security backup

The main safety measure for the integrity of data is the backup (Whitman, 2003). Hadow (2009) clearly indicates backup as the main way to protect content ("The most reliable backups store the copied data off the premises, preserving it from physical damage."). The OCLC Digital Archive Preservation Policy (OCLC, 2006, p.10) details a state-of-the-art backup strategy. The main points can be summarized as follows: backups are made on tape; data and metadata are treated together; operations are handled by specialized, dedicated staff ("OCLC maintains staff solely dedicated to network and system security, including at least one Certified Information Systems Security

Professional."); backups are kept in secure off-site storage facilities ("All computer rooms are protected from fire by a halon gas fire suppression system. All computer rooms are climate-controlled with raised-floor environments") whose access is strictly regulated ("Access privileges to the computer room are limited and are reviewed every three months. Each access is logged, recording information such as the staff person entering, the door entered, and the time"). The off-site facilities must meet the highest industry standards for safety and security.

Rosenthal (2010b) shows how data storage has become easier and easier in recent years thanks to the development of technology and the lowering of the related costs: "Storage is cheap, so if there is a chance the data could possibly be useful, we keep it. We know that storage isn't completely reliable, so we keep backup copies as well." Despite this, backup is neither 100% reliable nor easy to achieve. In the same article Rosenthal shows the difficulties related to the planning and cost of backup systems: "Our inability to compute how many backup copies we need to achieve a reliability target is something we are just going to have to live with." He also reminds us that in the real world failures are inevitable, especially in the large-scale digital preservation projects required by today's institutions. In a different article of the same year, Rosenthal (2010a) returns to the false claim that storage is free or low cost: again, at the scale of real digital preservation and with an appropriate number of copies, this is certainly not true. It is also often said that bit preservation is a solved problem, but at the scales and for the durations needed in digital preservation this is unfortunately not the case.

In the backup era, this solution has a drawback: "Ironically that ability to mirror and duplicate digital objects also becomes a liability when data is stolen that was not intended for public consumption" (Fox, 2006). This aspect of digital information is seen as a potential flaw even by Kuny (1997), who notes that "Digital collections facilitate access, but do not facilitate preservation", and by Hedstrom (1998), who claims that "The two terms mass storage and long-term preservation embody a contradiction in the current state of affairs of digital library development, representing a time bomb that threatens the long-term viability". Maniatis et al. (2005) also point out the peculiarity of the backup strategies required by digital preservation projects. They make three starting points: "Digital preservation systems have some unusual features. First, such systems must be very cheap to build and maintain, which precludes high-performance hardware such as RAID (Patterson et al., as cited by Maniatis, 2005) or complicated administration. Second, they need not operate quickly. Their purpose is to prevent rather than expedite change to data. Third, without central control and in the face of possible interference from attackers or catastrophic failures of storage media such as fire or theft, must function properly for decades."
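The discussion above makes three claims that are easy to state and harder to picture: storage is not perfectly reliable, failures across copies are inevitable at preservation scale, and a system of several cheap copies must detect and repair damage without a central trusted master and despite possible interference. The following Python script is an added example written for this page (not code from OCLC, Rosenthal or the system described by Maniatis et al.) showing the basic mechanism: each copy of an object carries a fixity digest (SHA-256), a periodic audit compares the copies, damaged ones are identified either by a mismatch with their own digest or by disagreement with the majority, and they are repaired from an intact copy. The object content, the number of copies, the simulated bit rot and the simulated tampering are all constructed for the demonstration.

```python
import hashlib
from collections import Counter


def fixity(data: bytes) -> str:
    """SHA-256 digest recorded as the fixity value of one copy."""
    return hashlib.sha256(data).hexdigest()


def make_copies(content: bytes, n: int) -> list:
    """Store n replicas of one object, each with its own recorded digest.
    In a real archive these would sit on separate media or sites."""
    return [{"data": content, "recorded": fixity(content)} for _ in range(n)]


def bit_rot(copies: list, index: int, position: int) -> None:
    """Constructed media failure: flip one bit in a replica without touching
    its recorded digest, as silent corruption on disk or tape would."""
    buf = bytearray(copies[index]["data"])
    buf[position] ^= 0x01
    copies[index]["data"] = bytes(buf)


def tamper(copies: list, index: int, new_data: bytes) -> None:
    """Constructed interference: rewrite a replica and its digest together,
    so the copy looks internally consistent but disagrees with the rest."""
    copies[index]["data"] = new_data
    copies[index]["recorded"] = fixity(new_data)


def audit(copies: list) -> dict:
    """Periodic fixity audit across all copies.

    A copy is bad if its data no longer matches its own recorded digest
    (a local check catches bit rot), or if data and digest agree with each
    other but not with the majority of copies (tampering). Majority voting
    means several independent copies, not one trusted master, decide what
    the good content is."""
    current = [fixity(c["data"]) for c in copies]
    consensus, count = Counter(current).most_common(1)[0]
    if count * 2 <= len(copies):
        return {"consensus": None,
                "bad": {i: "no majority" for i in range(len(copies))},
                "reason": "no majority agreement; repair impossible"}
    bad = {}
    for i, c in enumerate(copies):
        if current[i] != c["recorded"]:
            bad[i] = "data changed since digest was recorded"
        elif current[i] != consensus:
            bad[i] = "data and digest both differ from majority"
    return {"consensus": consensus, "bad": bad, "reason": None}


def repair(copies: list, report: dict) -> int:
    """Restore every bad copy from an intact one; returns how many."""
    if report["consensus"] is None:
        return 0
    good = next(c for i, c in enumerate(copies) if i not in report["bad"])
    for i in report["bad"]:
        copies[i]["data"] = good["data"]
        copies[i]["recorded"] = good["recorded"]
    return len(report["bad"])


def demo() -> dict:
    """Five copies, one bit-rotted and one tampered: the audit finds both
    (for different reasons), repair restores them, a second audit is clean."""
    content = b"Information Security Issues in a Digital Library Environment"
    copies = make_copies(content, 5)
    bit_rot(copies, index=3, position=5)
    tamper(copies, index=4, new_data=b"Information Security Issues (altered)")
    first = audit(copies)
    repaired = repair(copies, first)
    second = audit(copies)
    return {"bad_before": dict(sorted(first["bad"].items())),
            "repaired": repaired,
            "bad_after": second["bad"],
            "intact": all(c["data"] == content for c in copies)}


def demo_no_majority() -> str:
    """Two copies that disagree cannot be adjudicated: a concrete face of
    the 'how many copies do we need' question raised in the text."""
    copies = make_copies(b"metadata record", 2)
    bit_rot(copies, index=0, position=0)
    return audit(copies)["reason"]


if __name__ == "__main__":
    print(demo())
    print(demo_no_majority())
```

The two-copy case is the point Rosenthal makes: with too few copies the audit can tell that something is wrong but not which copy to trust, so the number of copies is a reliability decision, not a storage-cost footnote. Real systems add rate limits and randomised audit schedules on top of this, precisely because of the "interference from attackers" that Maniatis et al. list.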

Policies

Data backups, just like all the security measures discussed in section 1, must be part of what we call a disaster recovery plan. Fox puts it plainly: "Having a disaster recovery plan is very important" (2006, p.255). All the literature agrees that backup practice is nothing if not supported by a clear preservation policy, which also involves security and information literacy and staff training and education (Kouzma, 2010, and Balas, 2005). Whitman (2003) and Parkin (2009) also stress the importance of policies for an efficient digital preservation plan. We examined two policies: the OCLC Digital Archive Preservation Policy and Supporting Documentation (OCLC, 2006) and the report Digital Preservation Policies, prepared for JISC in 2008 (Beagrie, Semple, Williams and Wright, 2008). OCLC openly confirms the claims reported by Kouzma (2010, p.5): "A preservation strategy must include more than just what can be achieved by good system back-up procedures. A strategy is needed also to ensure the long-term accessibility of digital content objects deemed to have enduring value." The JISC report is interesting also because it aims to be a model for further preservation projects: "Our objective therefore has been to produce a practical guide for developing an institutional digital preservation policy" (Beagrie et al., 2008). The policies address the preservation problem in an organic way, embracing all aspects of the institution: from the definition of the Principle Statement which guides the policy itself, to the connection with all other practices engaged in by the institute, to the definition of the content and the practices to implement.

3 - User Information Security

Computer systems have become an essential element of libraries. As patrons use library systems, a large amount of transaction data about users is recorded and often stored in the systems. This development has severe implications for the security of user data. The already mentioned two-front war being fought by libraries results in the need to protect library systems against various types of abuse (see section 1), and the need to guard the confidentiality of their users (Fox, 2006, p.250). Not only hackers and criminals may try to gather confidential data; government agencies can also make inquiries about library users (Bowers, 2006). The previous section covered the safety of data with respect to accidents and obsolescence, and data preservation policies. Another important issue in libraries is the security of user information, which is discussed in this section. We will first define privacy and confidentiality. Subsequently, we discuss the types of privacy issues in the library context, as gathered from the literature. We will also discuss threats to the security of user information and trust issues, and finally look at the security principles regarding user information used by libraries.

More information

Network Security: Policies and Guidelines for Effective Network Management

Network Security: Policies and Guidelines for Effective Network Management Network Security: Policies and Guidelines for Effective Network Management Department of Electrical and Computer Engineering, Federal University of Technology, Minna, Nigeria. jgkolo@gmail.com, usdauda@gmail.com

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Codes of Connection for Devices Connected to Newcastle University ICT Network

Codes of Connection for Devices Connected to Newcastle University ICT Network Code of Connection (CoCo) for Devices Connected to the University s Author Information Security Officer (Technical) Version V1.1 Date 23 April 2015 Introduction This Code of Connection (CoCo) establishes

More information

COB 302 Management Information System (Lesson 8)

COB 302 Management Information System (Lesson 8) COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this

More information